How to Install and Configure Bind to Setup your DNS Server?

Updated on September 3, 2017

If you are a regular reader of Techglimpse, then you might have read our previous articles about DNS, its types, how it works, and the difference between authoritative and recursive servers. We also showed you how to identify the DNS server IP address configured on your Windows and Linux machines, and how to analyze the speed of various DNS servers using the benchmarking tool namebench. Today, I'll show how to install and configure Bind on your Linux based machines.

This tutorial will show the basic configuration of a DNS server using Bind. Bind is a free package that enables you to set up a DNS server. The basic setup of Bind will eat up 200 MB of your RAM, and be prepared to allocate more when the server goes into production (as you add more zones and the server receives more queries).


Consider the basic setup below:

* One machine for setting up the DNS server; I am going to refer to this machine by its address, 10.180.8.115.

* Sample domain or zone: techglimpse.com (10.180.3.74), used to test the setup.

* The authoritative name server for techglimpse.com will be called ns1.techglimpse.com.

* Sample subdomains of techglimpse.com are ftp, www and mail.

Download and Install Bind

On Debian based machines,

apt-get install bind9 dnsutils

On CentOS/Fedora based machines (the utilities package is called bind-utils there, not dnsutils),

yum install bind bind-utils

Note: Bind is the DNS server, while dnsutils (bind-utils on CentOS/Fedora) contains a few DNS-related commands for testing and troubleshooting, for instance dig.

Create a Zone file for the domain

As I mentioned earlier, our sample domain will be techglimpse.com, so we'll create a zone file for that domain. First, let's create a directory to store the zone files.

cd /var/named
mkdir -p zones/master
cd zones/master/

Note: My Bind directory is '/var/named'; however, this might differ on your setup, for instance /etc/named, /etc/bind, etc.

Now it's time to create the zone file for techglimpse.com. The file will be named "db.techglimpse.com" and will contain DNS records such as A, MX, CNAME, etc.

vi /var/named/zones/master/db.techglimpse.com

Paste the code below:

;
; BIND data file for techglimpse.com
;
$TTL 3h
@ IN SOA ns1.techglimpse.com. admin.techglimpse.com. (
1 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
;
@ IN NS ns1.techglimpse.com.
techglimpse.com. IN MX 10 mail.techglimpse.com.
techglimpse.com. IN A 10.180.3.74
ns1 IN A 10.180.3.74
www IN CNAME techglimpse.com.
mail IN A 10.180.3.74
ftp IN CNAME techglimpse.com.

Note: To set up more zones, create a similar zone file for every domain you want to resolve through your DNS server, making the necessary changes to the sample zone file above.

A quick look at the zone file:

* SOA Record: declares ns1.techglimpse.com as the primary authoritative nameserver of techglimpse.com; admin.techglimpse.com is the email address of the DNS server administrator, written with the @ replaced by a dot (admin@techglimpse.com).

* NS Record: techglimpse.com has one nameserver, ns1.techglimpse.com. Normally, domains have at least two nameservers for high availability; for demonstration, I have listed only one.

* MX (Mail Exchange): the mail exchange record for techglimpse.com, which directs mail delivery to mail.techglimpse.com with priority 10.

* CNAME Record: canonical name; www and ftp are aliases for techglimpse.com.

OK! Everything we did so far is name-to-address mapping. Now let's create the address-to-name mapping.

Set up address to name mapping:

We have configured the DNS server to resolve the domain to its IP address when the domain is queried. Now we should tell the server to do the reverse lookup as well, i.e. from IP to domain.

vi /var/named/zones/master/db.10.180.3

Paste the code below:

;
; BIND reverse data file for 3.180.10.in-addr.arpa
;
$TTL 604800
3.180.10.in-addr.arpa. IN SOA ns1.techglimpse.com. admin.techglimpse.com. (
1 ; Serial
3h ; Refresh after 3 hours
1h ; Retry after 1 hour
1w ; Expire after 1 week
1h ) ; Negative caching TTL of 1 hour
;
3.180.10.in-addr.arpa. IN NS ns1.techglimpse.com.
74.3.180.10.in-addr.arpa. IN PTR techglimpse.com.

Here, 74.3.180.10 is the reverse of 10.180.3.74 (the octets in reverse order, under in-addr.arpa). Note the file name as well.

* PTR record: maps an IP address to a domain name.
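The forward and reverse zone files above are written by hand, and the usual operational mistake is that the A records and the PTR records drift apart over time. The following POSIX shell script is an added example, not part of the original article: it builds both zone files from one host list, so every address in the forward zone gets exactly one PTR in the reverse zone, and it filters out hosts that fall outside the reverse zone's network. It uses a constructed host list, a YYYYMMDDnn serial instead of the article's serial 1, and assumes a /24 network; it also places ns1 on 10.180.8.115, the machine that actually runs Bind in this setup, which is an assumption of the example and not the article's record.

```shell
#!/bin/sh
# Added example, not from the original article: generate matching forward
# and reverse zone files from one host list.
# Assumptions: /24 network, "shortname ip" host lines, "@" for the zone apex,
# serial in YYYYMMDDnn form; the values below are constructed sample data.

# Constructed host list (not the article's data): ns1 is put on the Bind
# host itself; the apex, www and mail stay on the web hosts.
HOSTS='@ 10.180.3.74
ns1 10.180.8.115
www 10.180.3.74
mail 10.180.3.80'

# reverse_zone_name 10.180.3 -> 3.180.10.in-addr.arpa
reverse_zone_name() {
    printf '%s\n' "$1" | awk -F. '{ print $3 "." $2 "." $1 ".in-addr.arpa" }'
}

# soa_preamble <owner> <domain> <ns shortname> <serial>: $TTL, SOA and NS lines
soa_preamble() {
    printf '$TTL 3h\n'
    printf '%s IN SOA %s.%s. admin.%s. (\n' "$1" "$3" "$2" "$2"
    printf '    %s ; Serial (YYYYMMDDnn, bump it on every change)\n' "$4"
    printf '    3h ; Refresh\n    1h ; Retry\n    1w ; Expire\n    1h ) ; Negative caching TTL\n'
    printf '%s IN NS %s.%s.\n' "$1" "$3" "$2"
}

# gen_forward_zone <domain> <ns shortname> <serial>, host lines on stdin
gen_forward_zone() {
    soa_preamble '@' "$1" "$2" "$3"
    while read -r name ip; do
        [ -n "$name" ] || continue
        printf '%s IN A %s\n' "$name" "$ip"
    done
}

# gen_reverse_zone <domain> <prefix> <ns shortname> <serial>, host lines on stdin
# Only hosts inside <prefix> are included, and each address gets a single PTR
# (the first name listed for it wins).
gen_reverse_zone() {
    domain=$1; prefix=$2
    zone=$(reverse_zone_name "$prefix")
    soa_preamble "$zone." "$domain" "$3" "$4"
    seen=' '
    while read -r name ip; do
        [ -n "$name" ] || continue
        case $ip in "$prefix".*) ;; *) continue ;; esac
        last=${ip##*.}
        case $seen in *" $last "*) continue ;; esac
        seen="$seen$last "
        if [ "$name" = '@' ]; then fqdn="$domain."; else fqdn="$name.$domain."; fi
        printf '%s.%s. IN PTR %s\n' "$last" "$zone" "$fqdn"
    done
}

# Stand-alone run: print both zones to stdout (redirect into the db.* files to use them)
printf '%s\n' "$HOSTS" | gen_forward_zone techglimpse.com ns1 2017090301
echo
printf '%s\n' "$HOSTS" | gen_reverse_zone techglimpse.com 10.180.3 ns1 2017090301
```

With the sample list, ns1 is left out of 3.180.10.in-addr.arpa because it lives in another /24, and 10.180.3.74 gets one PTR (techglimpse.com.) even though both the apex and www resolve to it. Run the generated files through named-checkzone before pointing named.conf at them, exactly as the article does for the hand-written ones.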

Configure named.conf to read the zone files

We should configure named.conf to refer to the newly created zone files:

/var/named/zones/master/db.techglimpse.com
/var/named/zones/master/db.10.180.3

On my machine, named.conf is located under /etc/. However, this might differ on your machine; for example: /etc/named/named.conf or /etc/bind/named.conf.

vi /etc/named.conf

Copy and paste the text below (use plain straight quotes; curly quotes will make named-checkconf fail):

zone "techglimpse.com" {
type master;
file "/var/named/zones/master/db.techglimpse.com";
};

zone "3.180.10.in-addr.arpa" {
type master;
file "/var/named/zones/master/db.10.180.3";
};

Note: Make necessary changes to reflect the actual domain and its zone file locations.

Verify the correctness of the configuration file using the below command.

named-checkconf

Check the zone files for any errors using the below command

named-checkzone

For example

named-checkzone techglimpse.com /var/named/zones/master/db.techglimpse.com
zone techglimpse.com/IN: loaded serial 1
OK
named-checkzone 3.180.10.in-addr.arpa /var/named/zones/master/db.10.180.3
zone 3.180.10.in-addr.arpa/IN: loaded serial 1
OK

If the above commands respond with status OK, you are good to proceed with the steps below; otherwise re-check the configuration files for errors.
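The article runs named-checkconf and named-checkzone by hand for each zone. As an added example (not the article's own script, and not part of Bind), the POSIX shell script below automates that pre-start check: it refuses a named.conf that contains non-ASCII bytes (curly quotes pasted from a web page are the classic cause of a parse error), extracts every master zone and its file from the config, and runs named-checkzone on each of them, returning non-zero if anything fails so that a deployment script never starts or reloads Bind on a broken configuration. It assumes the article's layout of one zone block per zone with "type master;" and "file ...;" lines, and the article's path /etc/named.conf as the default; the embedded sample config is constructed for the stand-alone run.

```shell
#!/bin/sh
# Added example, not from the original article: validate named.conf and every
# master zone it declares before the daemon is (re)started. Assumes the
# article's layout (zone blocks with "type master;" and "file ...;" lines);
# NAMED_CONF defaults to the article's /etc/named.conf.
NAMED_CONF=${NAMED_CONF:-/etc/named.conf}

# Constructed sample config (not the article's file) for a stand-alone run.
SAMPLE_CONF='options {
    directory "/var/named";
    recursion no;
};

zone "techglimpse.com" {
    type master;
    file "/var/named/zones/master/db.techglimpse.com";
};

zone "3.180.10.in-addr.arpa" {
    type master;
    file "/var/named/zones/master/db.10.180.3";
};

zone "example.net" {
    type slave;
    masters { 10.180.8.116; };
    file "/var/named/zones/slave/db.example.net";
};'

# find_nonascii <file>: succeed only if the file is plain ASCII; otherwise
# print the offending line numbers and fail.
find_nonascii() {
    if LC_ALL=C grep -n '[^[:print:][:space:]]' "$1"; then
        return 1
    fi
    return 0
}

# list_zones <named.conf>: print "name file" for each master/primary zone
list_zones() {
    awk '
        /^[ \t]*zone[ \t]+"/ {
            name = $0
            sub(/^[ \t]*zone[ \t]+"/, "", name); sub(/".*/, "", name)
        }
        /^[ \t]*type[ \t]+(master|primary)/ { ismaster = 1 }
        /^[ \t]*file[ \t]+"/ {
            file = $0
            sub(/^[ \t]*file[ \t]+"/, "", file); sub(/".*/, "", file)
        }
        /^[ \t]*};[ \t]*$/ {
            if (name != "" && ismaster) print name, file
            name = ""; file = ""; ismaster = 0
        }
    ' "$1"
}

# check_all <named.conf>: run named-checkconf, then named-checkzone for each
# master zone. A non-zero return means: do not start or reload Bind yet.
check_all() {
    conf=$1
    find_nonascii "$conf" || { echo "non-ASCII bytes in $conf" >&2; return 1; }
    named-checkconf "$conf" || return 1
    list_zones "$conf" | while read -r name file; do
        named-checkzone "$name" "$file" || exit 1   # leaves the pipeline subshell
    done
}

# Stand-alone run: list the zones of the sample config, then check the real one
# when Bind's tools are installed.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_CONF" > "$tmp"
list_zones "$tmp"
rm -f "$tmp"
if command -v named-checkconf >/dev/null 2>&1 && [ -r "$NAMED_CONF" ]; then
    check_all "$NAMED_CONF" && echo "$NAMED_CONF and its zones are OK"
fi
```

The slave zone in the sample is deliberately skipped, since its file is fetched from the master and may not exist yet on a fresh host. Wire check_all in front of the start command from the next section (for example `check_all /etc/named.conf && /etc/init.d/named start`) and a bad config never reaches a running daemon.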

Start the Bind server

/etc/init.d/bind9 start

or

/etc/init.d/named start

If there are any errors, you should see them while starting the named or bind9 daemon.

Test the setup

If you remember, I suggested installing dnsutils, which provides a command called 'dig'.

dig @10.180.8.115 techglimpse.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @10.180.8.115 techglimpse.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45562
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;techglimpse.com. IN A

;; ANSWER SECTION:
techglimpse.com. 10800 IN A 10.180.3.74

;; AUTHORITY SECTION:
techglimpse.com. 10800 IN NS ns1.techglimpse.com.

;; ADDITIONAL SECTION:
ns1.techglimpse.com. 10800 IN A 10.180.3.74

;; Query time: 2 msec
;; SERVER: 10.180.8.115#53(10.180.8.115)
;; WHEN: Tue Oct 15 12:42:50 2013
;; MSG SIZE rcvd: 83

Test IP to host resolution:

dig @10.180.8.115 -x 10.180.3.74
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.17.rc1.el6_4.6 <<>> @10.180.8.115 -x 10.180.3.74
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47357
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;74.3.180.10.in-addr.arpa. IN PTR

;; ANSWER SECTION:
74.3.180.10.in-addr.arpa. 604800 IN PTR techglimpse.com.

;; AUTHORITY SECTION:
3.180.10.in-addr.arpa. 604800 IN NS ns1.techglimpse.com.

;; ADDITIONAL SECTION:
ns1.techglimpse.com. 10800 IN A 10.180.3.74

;; Query time: 2 msec
;; SERVER: 10.180.8.115#53(10.180.8.115)
;; WHEN: Tue Oct 15 12:44:30 2013
;; MSG SIZE rcvd: 105

Note: The first argument tells the dig command to resolve using the DNS server we just installed (10.180.8.115), and the second argument is the domain name/IP in question.

That's it. You have configured Bind successfully.
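Reading the dig output above by eye works for one test, but the two header lines carry everything a check needs: `status: NOERROR` and the `aa` flag mean the record was served authoritatively from our own zone, and the absence of the `ra` flag (the "recursion requested but not available" warning) means the server will not recurse for arbitrary clients, which is the healthy state for an authoritative-only server. The POSIX shell script below is an added example, not part of the original article: it parses those fields from dig output given on stdin, prints the ANSWER section only when the answer is authoritative, and reports whether recursion is offered. The NOERROR sample is the article's own output (trimmed); the NXDOMAIN sample is constructed, and check_server is the only function that needs dig installed.

```shell
#!/bin/sh
# Added example, not from the original article: judge a dig answer from its
# header instead of eyeballing it. SAMPLE_OK is the article's dig output
# (trimmed); SAMPLE_NX is constructed.

SAMPLE_OK=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45562
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;techglimpse.com. IN A

;; ANSWER SECTION:
techglimpse.com. 10800 IN A 10.180.3.74

;; AUTHORITY SECTION:
techglimpse.com. 10800 IN NS ns1.techglimpse.com.'

# Constructed: what a typo in the queried name looks like
SAMPLE_NX=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11111
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;techglimpes.com. IN A'

# dig_status / dig_flags: pull the header fields out of dig output on stdin
dig_status() { sed -n 's/.*status: \([A-Z]*\),.*/\1/p'; }
dig_flags()  { sed -n 's/^;; flags: \([a-z ]*\);.*/\1/p'; }

# has_flag <flag>: stdin is dig output; succeeds if the header carries the flag
has_flag() {
    case " $(dig_flags) " in *" $1 "*) return 0 ;; esac
    return 1
}

# authoritative_answer: stdin is dig output; succeed only for a NOERROR answer
# with the aa flag set (served from our zone, not a cached copy), and print the
# ANSWER section records.
authoritative_answer() {
    out=$(cat)
    status=$(printf '%s\n' "$out" | dig_status)
    [ "$status" = NOERROR ] || { echo "status: $status" >&2; return 1; }
    printf '%s\n' "$out" | has_flag aa || { echo "answer is not authoritative" >&2; return 2; }
    printf '%s\n' "$out" | awk '/^;; ANSWER SECTION:/ { a = 1; next } /^$/ { a = 0 } a && !/^;/'
}

# recursion_offered: stdin is dig output; succeeds if the server set ra, i.e.
# it would recurse for this client. An Internet-facing authoritative server
# should not; the WARNING line in the article's output is the expected state.
recursion_offered() { has_flag ra; }

# check_server <server> <name>: live query; needs dig from dnsutils/bind-utils
check_server() {
    dig "@$1" "$2" | authoritative_answer
}

# Stand-alone run on the embedded samples
printf '%s\n' "$SAMPLE_OK" | authoritative_answer
if printf '%s\n' "$SAMPLE_OK" | recursion_offered; then
    echo "WARNING: server offers recursion to this client"
else
    echo "recursion not offered (expected for an authoritative-only server)"
fi
```

Against the live server from the article, `check_server 10.180.8.115 techglimpse.com` prints the A record and returns 0; `dig @10.180.8.115 www.example.org | recursion_offered` returning success from outside your network would be the sign to revisit the recursion setting the "Also read" link below discusses.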

Also read : Should you enable Recursion on your DNS? It’s vulnerable!

Also read: How to hide the DNS Server’s software name and its version? [DNS Security]

Also read: How to enable BIND DNS server logging to monitor queries and for troubleshooting?
